This article describes how to add a new VAP member to an existing Check Point cluster with minimal downtime.This article describes how to add a new VAP member to an existing Check Point cluster with minimal downtime.
Goal: To increase the VAP count of a Checkpoint Firewall-1 VAP group and add the new blade with minimal downtime.
The following circuit definitions exist on the X-Series prior to configuring for increased vap-count:
ip 192.168.9.1/24 increment-per-vap 192.168.9.2
ip 192.168.6.1/28 increment-per-vap 192.168.6.2
Note: A brief outage will be incurred when you enable state synchronization on both cluster members and restart the firewall process for the change to take effect.
Increase the VAP Count
1. Extend the IP ranges for the mgmt and sync circuits:
CBS# configure circuit mgmt vap-group fw ip 192.168.9.1/24 increment-per-vap 192.168.9.3
CBS# configure circuit sync vap-group fw ip 192.168.6.1/24 increment-per-vap 192.168.6.3
2. Increase the vap-count:
CBS# configure vap-group fw vap-count 3
Adjusting vap-count. May take several minutes.......
3. Adjust the load-balance-vap-list so it only includes members 1 and 2: